This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Register Now
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Announcements

SecurID® Knowledge Base

Find answers to your questions and identify resolutions for known issues with knowledge base articles written by SecurID experts.

Deep Links for token import fails on Android 12

Article Number

000040021

Applies To

SecurID App 3.0.2
SecurID App 4.0

Issue

Users are unable to tap on a CTF or a CTKIP link to automatically launch the SecuID app and provision the token seed on Android 12 devices.

Cause

The default AM SWT Definition configuration for the Android SecurID app uses HTTP://127.0.0.1 URL as the app link. When the user taps on the link or scans a QR code with the link embedded, the SecurID app auto-launches and imports the CTF data or triggers CTKIP exchange with the CTKIP server.  Starting with Android 12, Google enforces the ownership verification of Android app links.  The ownership verification mechanism requires the use of fully qualified domain names that are reachable and from which the Android system downloads a proof of ownership of the app code signing certificate. The HTTP://127.0.0.1 is not a verifiable link and our current cloud infrastructure does not support the download of the proof of ownership.  When a user taps on The HTTP://127.0.0.1, nothing happens.

Workaround

Pre CAS January rollout completion

Customers must use HTTP://127.0.0.1 as the app link to provision tokens using CTF or CTKIP methods for all SecurID app versions and Android versions; however, tapping on the app link will not work on Android 12 devices. 

As a workaround on Android 12, users have two options:

  1. Copy the app link that they receive via email or other messaging channels, open the SecurID app, and then paste the link into the "Registration Code or URL" text field.
  2. In Android device settings, add the HTTP://127.0.0.1 to a trusted list of URLs.

Post CAS January rollout completion

Customers should import a new SWT Definition file from RSA.

The new SWT Definition file uses a verifiable app link (https://authenticator.securid.com) for CTF and CTKIP token provision. 

When assigning a token to a SecurID app v4.0 or later versions, the admin must use the new SWT Definition File (https://authenticator.securid.com) to enable the tap-to-launch feature on all Android versions including Android 12. 

When assigning a token to a SecurID app v3.0 or older, the admin must use the old SWT Definition File (https://127.0.0.1) to enable the tap-to-launch feature on all Android versions except Android 12. A user of SecuID v3.0 or older on Android 12 must copy and paste the app link or add the link to the trusted URL list as a workaround to provision AM tokens.   

0 Likes
Was this article helpful? Yes No
No ratings

In this article

Version history
Last update:
‎2022-01-12 11:06 AM
Updated by:
Administrator Administrator

Related Content

© 2022 RSA Security LLC or its affiliates. All rights reserved.